Mutt mutt_gecos_name() Buffer Overflow May Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1018066
|
|
SecurityTracker URL: http://securitytracker.com/id?1018066
|
|
CVE Reference: CVE-2007-2683
(Links to External Site)
|
Date: May 16 2007
|
Impact: Execution of arbitrary code via local system, User access via local system
|
Vendor Confirmed: Yes
|
Version(s): 1.4.2.2
|
Description: A vulnerability was reported in Mutt. A local user may be able to obtain elevated privileges on the target system.
A local user with a specially crafted real name gecos string (as defined via the operating system) can cause a buffer overflow in
mutt_gecos_name() to occur when the target user runs Mutt and an alias for the local user is expanded. Arbitrary code may be executed
on the target system with the privileges of the target user.
raylai reported this vulnerability.
|
Impact: A local user may be able to obtain elevated privileges on the target system.
|
Solution: The vendor has developed a source code patch, available at:
http://dev.mutt.org/trac/ticket/2885
|
Vendor URL: www.mutt.org/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 15 May 2007 23:39:13 -0400
Subject: Mutt
|
> Buffer overflows in mutt_gecos_name
http://dev.mutt.org/trac/ticket/2885
CVE-2007-2683
|
|
